| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081906-CVE-2025-38560-d265@gregkh> Date: Tue, 19 Aug 2025 19:18:07 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to touch the first and last byte of each 4K page that is being validated. There is no need to perform the mitigation when performing a page state change to shared and rescinding validation. CPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit that, when set, indicates that the software mitigation for this vulnerability is not needed. Implement the mitigation and invoke it when validating memory (making it private) and the COHERENCY_SFW_NO bit is not set, indicating the SNP guest is vulnerable. The Linux kernel CVE team has assigned CVE-2025-38560 to this issue. Affected and fixed versions =========================== Fixed in 6.1.148 with commit 1fec416c03d0a64cc21aa04ce4aa14254b017e6a Fixed in 6.6.102 with commit 1fb873971e23c35c53823c62809a474a92bc3022 Fixed in 6.12.42 with commit aed15fc08f15dbb15822b2a0b653f67e76aa0fdf Fixed in 6.15.10 with commit a762a4c8d9e768b538b3cc60615361a8cf377de8 Fixed in 6.16.1 with commit f92af52e6dbd8d066d77beba451e0230482dc45b Fixed in 6.17-rc2 with commit 7b306dfa326f70114312b320d083b21fa9481e1e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38560 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/x86/boot/cpuflags.c arch/x86/boot/startup/sev-shared.c arch/x86/coco/sev/core.c arch/x86/include/asm/cpufeatures.h arch/x86/include/asm/sev.h arch/x86/kernel/cpu/scattered.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1fec416c03d0a64cc21aa04ce4aa14254b017e6a https://git.kernel.org/stable/c/1fb873971e23c35c53823c62809a474a92bc3022 https://git.kernel.org/stable/c/aed15fc08f15dbb15822b2a0b653f67e76aa0fdf https://git.kernel.org/stable/c/a762a4c8d9e768b538b3cc60615361a8cf377de8 https://git.kernel.org/stable/c/f92af52e6dbd8d066d77beba451e0230482dc45b https://git.kernel.org/stable/c/7b306dfa326f70114312b320d083b21fa9481e1e
Powered by blists - more mailing lists